- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Content translations are temporarily unavailable due to site maintenance. We apologize for any inconvenience. Visit our blog to learn more.
09-21-2022 02:45 PM
Hello @Doyenadmin
thank you for the post.
1. Personally, I would start with changing it on application / service port level first instead of changing it globally for all sessions. Regarding impact changing this globally, it is hard to give estimate without knowing your customer traffic environment, however since firewall has to maintain sessions for prolog time, you could doble your DP utilization. Also you should watch for maximum session count and memory utilization.
2. This is correct understanding. Changing time out on service port level will override global setting: https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/app-id/service-based-session-timeouts
Kind Regards
Pavel